URLhaus Database

You are currently viewing the URLhaus database entry for http://80.64.18.161/well/random.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3538340
URL: http://80.64.18.161/well/random.exe
URL Status:Offline
Host: 80.64.18.161
Date added:2025-05-08 05:10:11 UTC
Last online:2025-05-13 12:XX:XX UTC
Threat:Malware download Malware download
Reporter: abuse_ch
Abuse complaint sent (?): Yes (2025-05-08 05:11:07 UTC to abuse{at}stimllc[dot]ru)
Takedown time:5 days, 7 hours, 29 minutes Bad (down since 2025-05-13 12:40:13 UTC)

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-05-10random.exeexe e8014072a8b196b5a339f7be8e5828f15b422362a3a81203fdd54322bc0059a1Virustotal results 43.06% CredentialFlusher
2025-05-09random.exeexe 26a081e571d00dbe5858e13a76676f372b6d22b44468793bff37a0a09fbef406Virustotal results 25.00% CredentialFlusher
2025-05-09random.exeexe a20296afef14cc70aab5381accbb8965825a35c4c020479d9e8952a088fa73e4n/a CredentialFlusher
2025-05-09random.exeexe a2c7248c6c1997e975e8d560087292f9964d16b5d4f61f67ce2e31b8437ffe14n/a CredentialFlusher
2025-05-08random.exeexe 42753ad5db231525aa7878fff2ca78297aa25260d5a1ef7c825855dbaceafbf1n/a CredentialFlusher
2025-05-08random.exeexe 203862e9f8e0e3d7540acf457651b35e3c4854ecb8065105aa5df8e9afd5e0fen/a CredentialFlusher
2025-05-08random.exeexe 49e0d9e1a6a7c44b45070646f33e72d4a310cd84dd89876552f8f1e5f6d3bf5dn/a CredentialFlusher
2025-05-08random.exeexe 0decd6f31b53a145e5590f20075ade4f612229530bcb8131f355af90dcbefe26n/aCredentialFlusher
2025-05-08random.exeexe ab3d416d7d12867198caefde2d1a097f976224b9fe481901117e135c534c6c00n/a CredentialFlusher
2025-05-08random.exeexe f9102b7705a7acce71d5e702515f1f9a50dcd87856caa1247f255fff36d3a604n/a CredentialFlusher
2025-05-08random.exeexe 55093a1ad021f96f39d5219f5f1c44f0a8c59329da088f9a86c7321d67777d03n/a CredentialFlusher
2025-05-08random.exeexe 72efe94303d7aa3926402540d41391129957f62267d6f3dab2afb68f9d8adc22n/a CredentialFlusher
2025-05-08random.exeexe c445a9b3220d8861c7ee8bf8f8ea88197ecc828deafe8b4520bc73c156c344e0n/a CredentialFlusher
2025-05-08random.exeexe f8347b22c8243d10ef12343f69c9ff404c05060e89296215438a4dc5f326c9c0Virustotal results 26.39% CredentialFlusher
2025-05-08random.exeexe 12ebaa4c5b16c69430c434be47a410abd958bd625c10b4c977e003dbc0ccb7c4n/a CredentialFlusher